risk regulation - london school of economics...risk&regulation, summer 2011 3 carreditorial...

&THE COSTA CONCORDIA DISASTER

MONITORING AND EVALUATION IN THE THIRD SECTOR

GREECE: UNCERTAINTY IN EVERYDAY LIFE

REPORTING EXECUTIVE PAY

ACCOUNTABILITY AND EUROPEAN AGENCIES

Magazine of the Centre for Analysis of Risk and Regulation No 24 Winter 2012

&Risk Regulation

SPECIAL SECTION: ENTERPRISE RISK MANAGEMENT

REGULATION AND HERD MENTALITY

KNOWLEDGE SEEKING AND ERM

THE STRUGGLE FOR CODIFICATION

RISK MAPS

Contents

2 Risk&Regulation, Winter 2012

Risk&RegulAtioN: CARR RevieWNo 24 WiNteR 2012

editoR: Matthias Benzer AssistANt editoR: Lynsey Dickson

eNquiRies: Centre Administrator, Centre for Analysis of Risk and Regulation, the London school of economics and Political science, Houghton street, London WC2A 2Ae United Kingdom

tel: +44 (0)20 7955 6577 Fax: +44 (0)20 7955 7420 Website: lse.ac.uk/CARR email: [email protected]

Published by: Centre for Analysis of Risk and Regulation, the London school of economics and Political science, Houghton street, London WC2A 2Ae

Copyright in editorial matter and this collection as a whole: London school of economics © 2012 Copyright in individual articles: p 4-5 © Ross A Klein 2012 p 6-7 © Renuka Fernando 2012 p 8-9 © Athanasia Chalari 2012 p 10-11 © Yasmine Chahed, Lisa Goh 2012 p 12-13 © Madalina Busuioc 2012 p 14-15 © tim Leech 2012 p 16-17 © Kathleen Locklear 2012 p 18-19 © Anette Mikes 2012 p 20-21 © silvia Jordan 2012

All rights reserved. no part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, without the prior permission in writing of the publisher, nor be issued to the public or circulated in any form of binding or cover other than that in which it is published.

the school seeks to ensure that people are treated equitably, regardless of age, disability, race, nationality, ethnic or national origin, gender, religion, sexual orientation or personal circumstances.

the information in this magazine can be made available in alternative formats. Please contact the Web and Publications Administrator. tel: +44 (0)20 7955 6278 email: [email protected]

desigN ANd ARt diReCtioN: Lse Design Unit PRiNted by: Aquatint BsC CoveR iMAge: Caltiva, sXC PhotogRAPhy: istockphoto (p3, p6-7) Dreamstime.com (p5, p6-7, p14-15, p17, p18-19) sXC (p6-7, p8-9) Buddha image p7 by saleem Akber (sXC) sri Lanka flag image p7 by Vivekchugh (sXC)

Issn 1473-6004 online Issn: 1473-6012

Risk&Regulation is also published on CARR’s website. lse.ac.uk/riskAndRegulationMagazinelse.ac.uk/CARR

3 CARReDItoRIAL CARR Director Mike Power draws attention to the risk management dimension of the London

olympics and Paralympics.

4 CARRReseARCH In the Aftermath of the Costa Concordia Disaster Ross A Klein considers human and economic factors related to risk and safety concerns in the

aftermath of the Costa Concordia accident earlier this year.

6 CARRReseARCH Getting on with it: Monitoring and Evaluation in the Third Sector Renuka Fernando opens the black box of Monitoring and evaluation in a sri Lankan non-

Governmental organization

8 CARRReseARCH The Greek Crisis: Social and Personal Changes Athanasia Chalari discusses the difficulties Greeks experience at the social and personal level as

Greek society changes due to the austerity measures and the economic crisis. Greeks now realize their part of the responsibility in the formation of a new reality and have started transforming old habits and ways of living in order to cope with the constant alteration of Greek society and the uncertainty they experience in their everyday lives.

10 CARRReseARCH Reporting Executive Pay: Why so Complex? Yasmine Chahed and Lisa Goh look at how the UK Directors’ Remuneration Report has evolved

into one of the most “complex” elements of corporate reporting.

12 CARRReseARCH Not More but Better Regulatory Accountability: Tailoring

Accountability Obligations Madalina Busuioc discusses the pitfalls of across-the-board accountability in the case of

european agencies and the need for more customized approaches to regulatory accountability.

14 ERMsPeCIAL seCtIon The High Cost of “Herd Mentality” Tim Leech analyses the current approaches used by regulators to prevent the next wave of

corporate malfeasance. He suggests that more than a few approaches to regulatory reforms suffer from what he calls “herd mentality” and a lack of serious research to determine if the benefits to stakeholders are worth the massive costs imposed on public companies.

16 ERMsPeCIAL seCtIon Reflections on Knowledge and ERM: Lessons from the

Mars Rover Curiosity Kathleen Locklear discusses knowledge seeking as a critical departure point for eRM on a

journey toward getting things “less wrong”.

18 ERMsPeCIAL seCtIon The Struggle to Codify Risk Management Anette Mikes discusses the heated debates on the codification of risk management and argues

there is more to learn before we can reach closure.

20 ERMsPeCIAL seCtIon A Short History of Risk Maps or Why Do We Find Risk

Maps Appealing? Silvia Jordan discusses the characteristics of a prominent risk representation technology.

22 CARRneWs The latest news from CARR

23 CARRPeoPLe

Risk&Regulation, summer 2011 3

CARReDItoRIAL

Risk&Regulation, Winter 2012 3

The UK has been preoccupied with a festival of sport this summer – the olympics and Paralympics – which in the eyes of many has been a celebration of both nationhood

and London. Commentators have repeatedly alluded to the spirit of the Games, and to the manner in which the British flag has emerged from the shadows to become a thing of pride and even “cool”. there was Danny Boyle’s opening ceremony which was quirky, ironic, historical, and sociological in a manner which surprised everyone, delighting many Brits with its in-jokes and no doubt puzzling the majority of foreigners. there was also the purple army of volunteers whose smiles and cheers greeted spectators at all the venues. And then there was a stream of medals for the host nation coupled to unparalleled crowd attendances at multiple stadia, some of which had been constructed in iconic London sites.

Much has been written and no doubt more will be written about the event in sporting terms, but the organizational story deserves as much attention. the firm Deloitte likened this mega- of megaprojects to the construction and dismantling of a Ftse 100 company with thousands of employees over a six year period. It is the sheer scale and complexity of the task of staging the Games which is so striking, and this was fundamentally a matter of risk management, as Will Jennings, a CARR Research Associate, reminds us in his recent book (2012).

the olympic Games is in effect a portfolio of large projects, sub-projects, and contractual relationships, all requiring the highest levels of coordination and communication, not least to integrate building programmes with event design, to manage budgets, and to plan for unforeseen contingencies. the risk mapping required can scarcely be imagined.

Were the Games a success in risk management terms? Without diminishing the significance of a cyclist who died after being hit by an olympic bus, it would seem so. Construction projects were completed on time; security staffing shortfalls were taken up by the army; no terrorist attacks (of which we are aware) took place, although there were cyber-attacks on the ticketing site; and the anticipated logistical chaos in London did not crystallize. there were issues with ticket availability and empty seats in the face of excess demand, but even this seemed to recede in the face of an overwhelmingly smooth operation. of course, there are risks which linger. samples continue to be tested for doping – a reputational risk for the collective memory of the event as much as for individual athletes. And the long term costs and benefits – the much discussed legacy – will no doubt continue to be debated and contested. But from an event risk management point of view, the olympic Games look as close to success as one can get.Yet, can the quality of a process be judged in terms of outcomes alone? Did luck and benign side effects play as big a role as excellent management? Did the transport system cope because of good planning or because thousands of Londoners and tourists decided to give London a miss? Did the

CARR Director Mike Power draws attention to the risk management dimension of the London olympics and Paralympics.

Editorial

ring of security, including missile sites on top of east London tower blocks, deter attackers? this is the universal puzzle for risk management. An absence of risk crystallization is at best an ambiguous signal of its quality, just as adverse events do not necessarily mean that it has failed. nevertheless, it is likely that, to adapt a phrase from the golfer Gary Player, the “better one prepares, the luckier one is”. For this reason, the risk team at LoCoG deserves our congratulations.

As usual, the current issue of Risk & Regulation is full of interesting essays, covering: how young Greeks are coping with personal risk in the drastically changed circumstances of that nation, the Costa Concordia disaster, executive remuneration, and the manner in which nGos in post war sri Lanka are dealing with complex accountability demands. We also have a special section with four essays on enterprise Risk Management. though seemingly very different in focus, all these contributions epitomize the continuing richness, breadth, and interdisciplinarity of CARR’s agenda. I hope you will enjoy them and continue to take an interest in our work.

Finally, we welcome two new LSE Fellows in Risk and Regulation to CARR: Martha Poon, working on the sociology of financial risk, and Madalina Busuioc, a contributor to this issue, who will address the political economy of the “risk management state” (see CARR news for further details).

Mike Power CARR Director

ReferenceJennings, W. (2012) Olympic Risks. Basingstoke: Palgrave Macmillan.

CARRReseARCH


CARRReseARCH

Ross A Klein considers human and economic factors related to risk and safety concerns in the aftermath of the Costa Concordia accident earlier this year.

The partial sinking of the cruise liner Costa Concordia off the Italian coast in January 2012 quickly captured the world’s attention.

The interest was partly a response to the drama and human tragedy playing out in the mass media. It was also a response to the incident’s incongruence with the industry’s claim that cruises are safe, “the safest mode of commercial transportation”, as they say. In reality, the cruise industry’s safety record is not as accident-free as they suggest. For example, there were ten accidents involving Costa Cruises ships in the four years prior to the Costa Concordia event, including the Concordia’s collision with the pier in Palermo in 2008 and, in 2010, its sister ship, Costa Classica, slamming a pier in Sharm el-Sheikh, causing the death of three crewmembers and injuries to four passengers. Costa Cruises is no more accident prone than other cruise lines.

The purpose here is not to discuss the range and frequency of accidents at sea. Instead, this essay looks at the Costa Concordia accident with a view to understanding factors underlying these occurrences.

the human factorFollowing the Costa Concordia disaster, considerable attention was paid to the Captain’s actions. While he was criticized for sailing too close to shore, he said in his defence that sail-by salutes were common and that he was following instructions from the company. The debate on whether he was instructed to do this helped shift the focus away from more critical issues regarding risk and safety/security.

One issue that quickly emerged was crew training. There were many reports of the crew not providing direction and support to passengers as they attempted to evacuate the ship and of crewmembers (including the Captain) leaving the ship before passengers. The obvious question is whether crewmembers were properly trained to deal with such emergencies, and whether the

training they receive is sufficient. International regulations require such training; however, it would appear that either the training is inadequate (either in content or in method) or crewmembers are not internalizing in practice what they have learned. Because regulations do not dictate how training is to be developed, different cruise lines may use different methods. At one time training was experiential in nature, but increasingly there is a move to provide training online: candidates pass a test online and are judged to have the knowledge and the skills to deal with emergency situations. An obvious question is whether this is adequate. How can we ensure crewmembers have the knowledge and skills needed and will use the training in an emergency situation?

A second issue is bridge management. There are many regulations governing what happens on the bridge of a ship; problems arise when these regulations are not followed. The investigation into the 1999 collision of Norwegian Cruise Line’s Norwegian Dream with the Ever Decent in the English Channel found that the Officer on Watch was not adequately trained for the job he was doing, and that the company’s policies had not been followed (Klein 2001: 128). The investigation into a near miss in 1996 between Holland America Line’s Statendam and a barge carrying propane and dynamite similarly attributed fault to failure of bridge officers to follow established bridge resource management procedures (TSB 1998). Training is one thing; crew behaviour is another. This is further complicated by the problem of fatigue, identified in the late 1990s/early 2000s in reports from the International Transport Workers Federation (ITF 1998) and the International Commission on Shipping (ICONS 2000) as a leading cause of shipboard accidents.

Regulations have not changed to deal with the problem – despite the reports.

Following regulations and company policies does not only concern the bridge. For example, it is not uncommon for watertight doors on cruise ships to be left open. This is convenient for the crew, but it poses a safety issue. Apparently, all watertight doors on Costa Concordia had not been closed. In addition, ships are required to have a “black box” to record vital information and conversations on the bridge. The Costa Concordia had a “black box”, but ten days earlier it had been reported to the company as broken and it had not been repaired or replaced.

One additional issue is the conduct of lifeboat (muster) drills. The International Convention on Safety of Life at Sea (SOLAS) requires a muster drill be held within the first 24 hours of a cruise of seven days or longer. Common practice until recently was for these drills to be held before leaving port, but that was not the case with the Costa Concordia. It was also common practice, at least in the 1980s and 1990s, to hold muster drills at lifeboat stations: passengers would attend wearing their life vests (and undergo inspection by a senior officer to ensure it was properly worn); there would be a roll call; and often lifeboats would be partially lowered to demonstrate how they come into place and how they are boarded in an emergency. In the last decade, cruise ships have increasingly turned to virtual lifeboat drills. Passengers congregate in a theatre and are shown a video – in many cases they are not required to put on their life vests. While this may not violate SOLAS requirements, it certainly dilutes the value of a muster drill in

IN THE AFTERMATH OF THE COSTA CONCORDIA DISASTER

“In the last decade, cruise ships have increasingly turned to virtual lifeboat drills. Passengers congregate in a theatre and are shown a video – in many cases they are not required to put on their life vests.”

Risk&Regulation, summer 2011 5 Risk&Regulation, Winter 2012 5

preparing passengers for an emergency leading to a call to abandon ship.

Regulations versus profitFollowing the Costa Concordia accident, most cruise lines committed to holding lifeboat drills prior to a ship leaving port. This commitment made headlines, though no details were given about the nature of lifeboat drills. Many cruise ships continued to use virtual drills, and there are indications that what takes place at the drill is less instructive than was the norm ten or twenty years ago. Interestingly, a reporter with a major travel magazine went on a ship to assess the new procedures. He reported to me that what he observed was inconsistent with the assurances given to the media by the cruise industry. However, his observations never made it into print due to the publication’s dependence on the cruise industry for advertising revenue.

Economics also likely played a role in the decision to delay muster drills until the second day of the Costa Concordia’s cruise. Passengers came onboard and began sailaway parties as the time of departure neared. A muster drill in the middle of this disrupts the party atmosphere and reduces the flow of money into the cash registers of shipboard bars. It is in the cruise ship’s economic interest not to interrupt the celebrations and the drinking that goes with it. Concern for safety potentially takes a back seat to concern for generating income.

Economic factors are also at the root of two other issues. First, life vests: SOLAS requires a ship to have enough life vests to accommodate each passenger (adult and child), but it does not dictate where life vests are stored. Traditionally, life vests have been located in passenger cabins with an extra supply at lifeboat stations in case in an emergency passengers could not return to their room to collect their life vest. In the aftermath of the Costa Concordia incident, there were reports that some ships no longer place life

vests in passenger cabins; all life vests are stored at lifeboat stations. This makes perfect sense if passengers can always get to their lifeboat stations. It doesn’t make sense, however, when one considers that passengers spend more time in their rooms than anywhere else on the ship and in an emergency during the night may not be able to find their lifeboat station. Why would a cruise ship make this change? Likely to save money: they need less redundancy of life vests, which saves money on the costs of the vests and of periodically replacing their batteries. If passenger safety were the priority, ships would increase rather than decrease the number of life vests.

A second economic factor is ship size. A large cruise ship in the 1970s and early 1980s weighed 20,000–30,000 tons and accommodated 1,500 passengers. The Costa Concordia, built in 2006, was 114,000 tons and accommodated 3,780 passengers. It is dwarfed by the largest ships afloat, Allure of the Seas and Oasis of the Seas, which weigh 225,000 tons and accommodate over 6,000 passengers. Increasing ship size and passenger capacity saves money through economies of scale and increases income and profit. On an economic level, all of this makes sense, but it means ignoring the SOLAS requirement that a ship can be abandoned within 30 minutes of an abandon ship call. This time frame was practical with older ships, but it is increasingly unrealistic as ships are becoming bigger. The problem is acknowledged by the industry. However, it advocates extending the time allotted for evacuation rather than reducing ship size or changing ship design to ensure the regulation can be met.

in closingThe Costa Concordia incident brought to the forefront issues around risk related to cruise ship travel – risk to the ship and to passengers. While the cruise line would like to attribute the accident to one rogue Captain, this explanation

is too simplistic. There are other factors. One is a tendency for people to not take regulations and policies seriously – human behaviour does not consistently correspond. Another tendency is for companies to allow compliance with safety regulations to be tempered by economic considerations. The result is two problems: firstly, whether regulations in force are sufficient to reduce risk or harm; secondly, whether regulations and policies are enforced. There are two concurrent needs: updating as well as enforcing regulations to reduce risk.

ReferencesICONS (2000) Inquiry into ship safety: ships, slaves and competition. Charlestown, NSW: International Commission on Shipping.

ITF (1998) Seafarer fatigue: wake up to the dangers. London: International Transport Workers Federation.

Klein, R.A. (2001) Death by chocolate: what you must know before taking a cruise. St John’s, NL: Breakwater Books.

TSB (1998) Near-collision between the cruise ship “STATENDAM” and the tug/barge unit “BELLEISLE SOUND”/“RADIUM 622” Discovery Passage, British Columbia 11 August 1996. Ottawa: Transportation Safety Board of Canada.

Ross A Klein is Professor of Tourism and Social Work at Memorial University of Newfoundland. He has written widely about the cruise industry and maintains the website www.cruisejunkie.com


addition, agreed upon donor budget allocations hinder an nGo from utilizing funds for “core” development. this means that resources and expertise needed to grapple effectively with diverse reporting demands or devise an independent overarching M&e system are unavailable. Moreover, nGos face deeper, often overlooked, questions notably: what is the value add of M&e and what have we achieved through it so far? one interviewee noted:

“of course a lot of people like to have measurements for various things, have indicators and all that, but in the long run − in spite of all their indicators and universities wasting time of their academic staff as well as the students − have they eliminated poverty on this earth? Have they prevented conflicts in the world?”

the interviewee further describes their nGo’s vision to “create energy at the level of individuals, communities, nations, and the nation as a whole so that we evolve a kind of synergy that will help human beings to live with nature without destroying nature”.

And we all must pause and wonder, at least for a moment, whether any act of measuring or earthly reporting system has ever been able to account for “synergy”. Is it even possible? And if not, is the practice of M&e, in this respect, benign?

Coping with M&e – doubts and all the M&e rhetoric has been internalized by key “donor facing” sections of the nGo. the executive committee, proposal writing, and project implementation departments speak the M&e language. A vocabulary of targets, indicators, outcomes, outputs, inputs, and, of course, results rolls off the tongue. there are genuine distinctions between these words; however, one must memorize different meanings based on donor preferences. Knowledge of M&e terminology is accompanied by a familiarity with major M&e tools: the project cycle, Logframe, theories of Change, and budgets. other supporting departments – the legal unit, human resources, and finance – have limited exposure to M&e discourse and practice.

the delivery of M&e knowledge is systemized through the respective project, not by the nGo as a whole or through staff professional backgrounds. educational backgrounds range from engineering to sociology. Projects are the point of contact for M&e, especially from the manager level downwards. the project determines the kind of

Sri Lanka, a tear shaped island off the coast of India, is no stranger to notions of accountability. three decades of civil war, a

devastating tsunami, and an entrenched diaspora in key Western nations have precipitated a fruitful soil and nourishing funds for non-Governmental organizations. nGos have called for accountability: the investigation of war crimes, a voice for the battered disenfranchised, and the dismantling of a culture of corruption. Recently, nGos themselves have become an object of accountability. the selection of “beneficiaries”, allocation of funds, and ultimate project activities are scrutinized to varying degrees.

one obscure arena in which the push for account-ability manifests is Monitoring and evaluation (M&e). M&e aims to “mitigate poor project per-formance, demonstrate accountability and promote organizational learning for the benefit of future projects” (Crawford and Bryce 2003: 363). Research conducted in one of sri Lanka’s largest and oldest grassroots nGos suggests that the nitty gritty of village trench work is foremost on nGos’ minds. M&e is an afterthought and, in some instances, a hindrance to “getting on with it”. staff struggle to fill in donor forms in a language foreign to their own, photographs are snapped for glossy publications, and incomparable project data are stockpiled. the stated benefits of M&e – mitigate, demonstrate, promote – have not taken root. In addition, meeting the demand for M&e requires a slew of resources – time, money, and expertise – which are diverted from urgent project work and invested into collecting and digesting selectively “worthy” information.

M&e turned out to be something rather deflated, but in this deflated form there keeps lingering the ghost of what it could be.

Playing the M&e blame gamethe decoupling of practice and aspiration is no one’s fault. Donors need a semblance of M&e systems in place to appease taxpayers or larger granters. they are held accountable and in turn must pass the buck of accountability to those they fund.

nGos, however, are in a greater pickle. Unless there is an endless supply of unrestricted funds, the flow of monies through an organization is dependent on meeting not one, but multiple, donor requirements. In

CARRReseARCH

getting on with it: monitoring and evaluation in the third sector

M&e required. Depending on the donor requirements for a project, M&e could intensively adhere to indicators, sub-indicators, and reporting on targets in a Logframe or merely demand a few quotes, pictures, and “success stories” in a narrative end of project report.

Donors may offer training sessions for their project, explicitly outlining their M&e ethos and tool specifications. In some cases, donor handbooks on “best practice” and expectations become the reference point for clarification, defeating the value of a standardized text for the field of M&e. the downside of M&e tied to a project rather than the organization or a larger “M&e culture” is that reporting and tools must be “relearned” when transferring to a new project.

A strategy often adopted by nGos is to make M&e “visible”. there is a great deal of emphasis on adorning offices and hallways with photographs, maps of project locations, staff structures, vision statements, and planning/monitoring schedules. Donors and other partners are toured through workplaces. the guide – usually a senior staff member – explains a project and how work is conducted through these illustrations. In some instances, M&e tools themselves are posted on the wall for staff and visitor reference. the need for M&e visualization prompts a push at the ground level to take appropriate pictures: smiling families in a shelter stamped with a donor symbol or dancing street children playing with toys against a background of hopelessness. M&e starts having a recognizable number free face that a donor can appreciate and nGo staff can capture.

is M&e forgetting something? the complexity of M&e is not only due to diverse donor preferences, but also a layering of M&e styled demands from other actors such as regulators and the government.

the sri Lankan government requires that projects, especially in the conflict affected north and east, subscribe to recommendations produced in the Lessons Learnt and Reconciliation Commission (LLRC) report. LLRC is an in-country assessment of “the conflict phase and the sufferings the country

Renuka Fernando opens the black box of Monitoring and evaluation in a sri Lankan non-Governmental organization

Risk&Regulation, summer 2011 7 Risk&Regulation, summer 2010 7

themselves to entrenched M&e cultures as a starting point for inventorying and analysing risk.

Ways forwardIt is possible for nGos to get on with their work and participate in the M&e accountability ambition. Honest conversations between donors, governments, regulators, and, of course, nGos need to be had. the key question is: What do we really want from M&e?

If the answer is simply for nGos to submit lengthy photo filled, story sprinkled, number laden reports, then we have achieved all that we can out of M&e. But if we agree that reports should not merely be shelved, and that maximizing the potentialities of M&e begins with harmonizing the myriad of approaches to it, then we have a long way to go.

the attitude towards M&e needs to be re-established as a collective effort, replacing its current piecemeal application. Furthermore, seeds for common ground on what M&e is should be planted, so that knowledge is not limited to being “relevant” for one donor or project only. Hopefully, an organic organizational M&e culture will take hold. In the world of nGos, one firmly established management culture could be exactly what is needed to contemplate and configure other overlooked administration themes. A comprehensive approach could unwittingly propel us into a new age of accountability.

ReferencesAmnesty International (2011) Sri Lanka report falls short. www.amnesty.org/en/for-media/press-releases/sri-lanka-report-falls-short-2011-12-16

Crawford, P. and Bryce P. (2003) “Project monitoring and evaluation: a method for enhancing the efficiency and effectiveness of aid project implementation”. International Journal of Project Management 21(5): 363-73.

Lessons Learnt and Reconciliation Commission (2012) The Lessons Learnt and Reconciliation Commission. www.llrc.lk/

tamilnet (2011) TNA demands internationally mandated mechanism for war-crimes accountability. www.tamilnet.com/art.html?catid=13&artid=34720

Renuka Fernando is a PhD student in the Department of Accounting at Lse. Her work explores the role of accounting in international nGos.


has gone through as a whole” (LLRC 2012). In

March 2012, the 285 LLRC recommendations gained international

legitimacy as they were endorsed over the Report of the secretary-General’s Panel of experts on Accountability in sri Lanka at the 19th United nations Human Rights Council session. the home-grown approach is not without its critics. Amnesty International (2011) stated that the LLRC ignores “serious evidence of war crimes, crimes against humanity and other violations of the laws of war by government forces”. the tamil national Alliance, the largest political party representing tamils, has called for an international “accountability mechanism” for the implementation of the LLRC itself (tamilnet 2011).

the political debate of “who are the holders and practitioners of accountability?” trickles down to the

nGo level and exacerbates reporting. Immediately after the end of the civil conflict, the government forged the Presidential task Force and demarcated

restricted nGo zones (many of which have been lifted). For any project in the north, nGos must currently submit proposals, activities, budgets, financing sources etc to the Presidential task Force for approval and continue to report as requested for the duration of the project. nGos provide Presidential task Force documentation

in addition to participating in a three-tiered government authorization and oversight nGo reporting structure: Government Agent (central government appointee), Divisional secretariat

(district administrator), and Grama sevaka (village leader).

In a similar fashion to M&e tools, government reporting mechanisms seek data that reveals whether an nGo is accountable or not. though approaching the question from a different angle, the government

draws upon the same pool of information as their donor

counterparts. there are, however, minute differences between these two systems of surveillance –

government and M&e – that prevent harmonization of interests into a single

M&e framework. For example, data is tailored to the audience, donor or government. Donors prefer sexy words like “conflict resolution”, “marginalized communities”, and “reconciliation”, whereas, in light of international accountability concerns, the government’s preferences are restricted to “community development”, “reconstruction”, and “rehabilitation”. nGos are forced to speak dialects of M&e rather than a standardized discourse; funding or approvals hang in the balance.

the M&e umbrella has failed to reflect the multitude of accountability interests or label other forms of reporting as M&e. If the margins of what counts as M&e were expanded, reporting duplication could be eliminated or possibilities to streamline data collection could be created. In addition, a culture of M&e could start gaining traction in an nGo, as all monitoring responsibilities and evaluation tasks – donor and non-donor – would be meaningfully weighted in project discussions. the establishment of a strong M&e culture could have implications for the development of other management cultures, such as risk culture. Risk cultures could attach

“The need for M&E visualization prompts a push at the ground level to take appropriate pictures: smiling families in a shelter stamped with a donor symbol or dancing street children playing with toys against a background of hopelessness.”



CARRReseARCH

the greek Crisis: social and Personal Changes Athanasia Chalari discusses the difficulties Greeks experience at the social and personal level as Greek society changes due to the austerity measures and the economic crisis. Greeks now realize their part of the responsibility in the formation of a new reality and have started transforming old habits and ways of living in order to cope with the constant alteration of Greek society and the uncertainty they experience in their everyday lives.

Greek society is currently experiencing significant economic, political, and social changes. Much has been written and said

about the economic and political challenges that Greek society has to confront. However, the social change of this particular society has not received equal or systematic attention. Greeks are now experiencing a different social reality (in relation to older generations) which is characterized, inter alia, by uncertainty, insecurity, mobility, and the inability to produce specific projections for their future lives. the young Greek generation particularly have now realized that certain social anomalies inherited from older generations can no longer be sustained as everyday living in Greece has become more complicated, demanding, and challenging. such social discontinuities concern aspects of Greek mentality which are no longer effective, for instance the concept of “volema” (to get into or remain in a situation/position that works for oneself without considering others), “meso” (the intermediary – usually a politician – who helps one accomplish what needs to be accomplished), “rousfeti” (clientelism), and “ohaderfismos” (to “get by” without caring about tomorrow).

Greeks need to find their place within a new reality, which features high rates of unemployment, increasing suicide rates (40 per cent rise during the last year), continuous lack of trust in politicians and with one another, unprecedented austerity measures, and political and social instability. this new social reality requires an ability to readjust rapidly and an awareness of the social transformations. In that sense, Greeks, and particularly the young generation, are now called upon to reform the current Greek society and also be reformed by it. A recent study reveals how Greeks experience the crisis and its impact on their lives.

Participants contributing to this empirical study (age 25-45, interviews conducted in Athens, syros, and Lesbos islands) discussed their experiences of Greek society during the crisis and how their lives have changed. Very characteristically, some of them said: “We see our dreams destroyed and our hopes for a better future disappear” (emma, 27); “the way Greeks live their lives has now changed; now things are worse” (Amy, 38); “You can’t understand exactly what is happening or what the government wants to do. I can’t follow anymore” (Maria, 37); “the situation creates insecurity for everyone about the future” (Mina, 45). It is therefore understood that participants perceive current Greek society in very pessimistic terms. they express negativity,

“Participants explain that their main concern is how to make a living, get a job, or not to lose their job. They feel that they have to be grateful if they are still employed, even though the employment conditions are becoming more exploitative.”

Risk&Regulation, summer 2011 9 Risk&Regulation, summer 2011 9 Risk&Regulation, Winter 2012 9

pessimism, disappointment, and disorientation, particularly regarding any specific plans that could improve their everyday lives. Participants explain that their main concern is how to make a living, get a job, or not to lose their job. they feel that they have to be grateful if they are still employed, even though the employment conditions are becoming more exploitative.

on everyday life, participants explain that their way of living has dramatically changed, and further difficulties are anticipated: “Professionally, there is a constant feeling of insecurity. not to get fired, to be good in our job, to get along with small salaries” (emma, 27); “Professionally, I don’t know if I will have a job tomorrow, and personally, I have no desire to do anything joyful anymore. there is so much insecurity about everything” (Antonis, 29); “Psychologically, it influences me a lot. If you see a society that suffers and everyone in your environment suffer, you can’t remain distant” (nicos, 35). Although there is homogeneity of answers regarding how difficult and challenging everyday life has become for Greeks, participants do not blame exclusively the weakness of the Greek political system, the inability of the Greek politicians to provide concrete solutions, and the hostility of other european countries towards Greece. Participants are beginning to realize that they have contributed to the formation of this new reality and they try to explain what their part of the responsibility is: “I might have contributed through my tolerance” (Mina, 45); “being silent means to consent” (thodoris, 44); “yes, by doing nothing” (Petros, 30); “we all played a part” (Makis, 35); “we have all contributed” (Antonis, 29; emma, 28; Melina, 32); “passively, yes” (nicos, 35). this means that they do not see themselves as victims of the situation or as passive receivers of other people’s decisions, although they do feel insecure, uncertain, and afraid of the future. Whilst there are repeated references to the lack of justice, the need to punish culprits, the inadequate health and educational systems, participants displayed a critical understanding of the current situation

and of their contribution and responsibility. this study supports the view that Greeks have come to realize what their share of the responsibility is and that they seem willing to change old ideas and practices that are now ineffective. However, it would be prejudicial to conclude that Greek citizens and politicians are seen as sharing an equal part of the responsibility. on the contrary, there is an increasing demand for justice and punishment of the politicians who allowed the country’s debt to spiral out of control.

As participants describe how difficult and challenging it is for them to confront and encounter their present everyday life, they also acknowledge what helps them make it through the day. some try to find their own means to deal with their concerns, others share their experiences with people close to them: “I tell myself that things will improve” (Amy, 38); “the more prepared I get, the better I feel” (eleni, 34); “I offer my help to people who need it” (theodoris, 44); “I share my thoughts with those who feel the same way” (Antonis, 29); “I try to be informed” (Kety, 26). In their answers, priority is given to their personal everyday life and their own concerns. this indicates a tendency among participants to rely primarily on personal and subjective means of support. It is interesting to note that they do not expect any external aid or governmental provision. Participants become more specific though when they are asked what they can do for things to change: “I try to change my habits, my way of living” (Giorgos, 41); “In my everyday life, I try to be as conscious as I can in my decisions and protect my family” (Amy, 38); “the most important thing is to be able to realize what is going on. And to be aware of my own responsibility” (Christina, 36); “I try, as a friend, as a mother, as a wife, to improve things on my own” (Georgia, 38). It is striking that although some answers involve collective actions, most responses referred to ways of personal improvement or support through the family. It is therefore evident that resilience through family and friends does play a significant role in encountering the crisis and that the role of

the family remains extremely important in Greek society as it replaces the impaired Greek state to provide adequate support.

Although disappointment and insecurity were main themes in all interviews, no intention of violence emerged. Rather, the need for collective forms of peaceful resistance was evident (even though the situation in Greece is altering rapidly). Although the Greek crisis will eventually pass, Greeks feel trapped in a new way of living beset by difficulties and uncertainty. they are unable to make any plans for their future and they anticipate further problems. still, they now realize that old practices and habits have not been helpful and they are willing to be honest and realistic about what went wrong. All responses involved elements of maturity, realization of responsibility, and the ability to think critically. In the answers of participants, priority is given to their personal everyday life and their own concerns. Collective actions follow. Although participants display disappointment and disapproval towards politicians, they do not exclude their personal contribution as part of the solution. therefore, while the Greek crisis caused a chain reaction of social, political, and economic discontinuities, which are still evolving, it seems that Greeks have now become more engaged with everyday reality (as opposed to “ohaderfismos”). they confront personal and collective complications in a more direct manner rather than relying on the past habit of “volema”. they have become more critical of socio-political circumstances as well as of themselves.

Athanasia Chalari is A.C. Laskarisdis Post-Doctoral Research Fellow in the Hellenic observatory at Lse.

10 Risk&Regulation, summer 2011 10 Risk&Regulation, Winter 2012

CARRReseARCH

Reporting Executive Pay: Why so complex?

The Directors’ Remuneration Report (DRR) has attracted growing criticism for being “too dense to be useful” since it became

a formal legal requirement for listed companies in 2002. Double-digit annual increases in Ceo pay over the same period have led to repeated public outrage and calls for government action.

earlier this year, the UK secretary of state for Business announced new regulations to increase transparency on pay reporting (BIs 2012).1 Amongst the measures proposed is the requirement to disclose a single total figure of remuneration for each named director. the aim is to enhance pay discipline by making it easier for shareholders and the public to understand how much directors are earning, and to facilitate more wide ranging shareholder activism by making it less difficult and time consuming to assemble data on actual pay.

Information on pay is normally spread across different tables in the DRR, requiring readers to do a large amount of cross-referencing and aggregation to reach an overall view of remuneration. this can have a significant impact on governance. Recent academic research, while focusing on narrative aspects of remuneration reporting, confirms that firms with remuneration reports that are harder to read are also more likely to have higher Ceo pay and receive fewer “no” votes at AGMs (Hooghiemstra et al. 2012; Laksmana et al. 2012).

inherent complexity of executive paythe question remains whether a different approach to the presentation of information on

CARRReseARCH

“One of the core issues in reporting a single figure is the problem of agreeing on what should be included in this single figure, and how various elements of the single figure should be determined.”

Yasmine Chahed and Lisa Goh look at how the UK Directors’ Remuneration Report has evolved into one of the most “complex” elements of corporate reporting.

Financial markets created one solution for this in the form of option pricing models, but these models are imperfect and restrictions on employees selling options granted to them by their firms add more complexity to this valuation process. the requirement for firms to expense stock options granted to all of their employees under International Financial Reporting standard 2 and statement of Financial Accounting standards 123(R) have led to some common approaches to valuation. there still remains some variation in how stock option expenses are calculated, though, as preparers have some discretion in the valuation process. this discretion includes a choice of valuation models, valuation assumptions used in these models (such as volatility, dividend yield, even risk-free rates etc), or applying a discount for non-tradability. Meanwhile, shareholders may be more interested in the magnitude of potential payouts in the future, rather than option values at the time of granting.

• Long-term incentive plans, typically shares that vest over multiple years, subject to performance conditions, also create difficulty in valuing what is paid in a given year. Many executives carry multiple tranches of share grants awarded over different years, and what is earned in a single year may be from tranches granted in year t, year t−1, and/or earlier years. therefore what might be “earned” in any one year might come from rights “granted” in multiple years. this contributes to a fundamental debate over whether the remuneration attributable to the year should be what is earned as a result of firm performance or what is granted as a result of remuneration committee decisions.

• Lastly, pension benefits are an often overlooked element of remuneration because they are normally tucked away in footnotes or assumed to be relatively small. But recent examples (such as Fred Goodwin from RBs and tony Hayward from BP, with pension “pots” on their resignation of £16.6m and £11m respectively) show that pension entitlements can be sizeable. While defined contribution and money purchase schemes are easily valued since they consist of annual firm contributions to the plans, defined benefit pensions suffer from valuation problems,

pay can offer a solution at the right level and enhance shareholders’ insights into remuneration practices. one of the core issues in reporting a single figure is the problem of agreeing on what should be included in this single figure, and how various elements of the single figure should be determined. As pay packages have become ever more performance driven, valuations of performance-contingent and long-term elements of the remuneration package as a single figure have become more difficult.

• Salary is the easiest measure to agree on: its value is fixed in a contract, and it can be attributed to the period in question without much difficulty. Likewise, valuing a cash bonus paid out at the end of the year is straightforward.

• The introduction of more complex bonus schemes, however, makes this task more difficult. A bonus with a deferred element, particularly if this deferred element is granted in shares, is likely to be valued differently at the grant date and the point of vesting due to changes in share prices and requires the employee to remain employed during the vesting period. Furthermore, bonuses with clawback provisions in subsequent years are effectively not fully vested until the clawback period expires. As a result, the amount “earned” in the year of reporting may be very different to that ultimately “received”.

• Stock options have also been subject to the problem of valuation since their introduction.


since their true cost to the firm and the true value to the employee are unknown until years into the future (after the death of the individual), meaning that annual “earned” pension benefits must be estimated using actuarial assumptions.

In short, valuation issues can add significant noise to the process of determining a single figure of pay and put its immediate information value into question.

Procedural and regulatory complexityA recent report by the Financial Reporting Council’s Financial Reporting Lab notes “that investors’ interest is not in the single figure itself; rather it is in understanding the components of the single figure, as well as how it develops over time” (FRC 2012). However, apart from complexity based on measurement and presentation, our research tells us that much wider structural and procedural issues are at work in reporting executive pay.

even though the formal responsibility for the DRR rests with the Chairman of the Remuneration Committee (an independent subcommittee of the board of directors), the initial draft is typically produced elsewhere in the organization or by external advisors. through interviews with practitioners, we traced the role of key participants in the process of preparing remuneration reports for listed UK companies. on a case by case basis, the internal corporate functions involved in the drafting of a remuneration report may include finance, risk management, investor relations, or HR departments, in addition to the company secretary, who normally takes the lead.

Public attention in the area of executive pay has also driven the emergence of a much broader market for disclosure. For example, some companies involve external remuneration consultants to draft a skeleton report and/or seek support from professional accounting firms or corporate reporting agencies throughout the drafting process. Professional service firms and membership bodies also offer indirect input into the reporting process through the publication of “best practice” recommendations and prizes for “reporting excellence”. In spirit, they share the government’s objective of enhancing the quality

on it as the definitive representation of pay. transparency and understanding will be further improved by asking the right questions about the links between pay and performance, and the complexities behind measurement and disclosure.

ReferencesABI (2011) ABI principles of remuneration. London: Association of British Insurers.

BIs (2012) Directors’ pay: consultation on revised remuneration reporting regulations. London: Department for Business, Innovation and skills.

FRC (2012) Lab project report: a single figure for remuneration. London: Financial Reporting Council.

Hooghiemstra, R., Kuang, Y.F. and Qin, B. (2012) A “Yea” or a “Nay”: compensation report writing style and say-on-pay votes. Groningen: University of Groningen.

Laksmana, I., tietz, W. and Yang, Y.-W. (2012) “Compensation Discussion and Analysis (CD&A): readabil ity and management obfuscation”. Journal of Accounting and Public Policy 31(2): 185-203.

Yasmine Chahed is a CARR Research Associate and Lecturer in Accounting at Lse.

Lisa Goh is Lecturer in Accounting at Lse.

of remuneration reporting. In effect, however, they contribute to a layering of regulation which preparers and advisors consider a key source of the box-ticking mentality.

Referring to conversations with investors and preparers, the FRC Financial Reporting Lab confirms a clear need for coordination between regulators in their reporting requirements for remuneration: formal regulations currently arising from the Companies Act 2006, the Financial services Authority Listing Rules, and the UK Code of Corporate Governance. As one of our interview partners from a professional service firm suggests:

“It’s too easy for companies just to stuff their reports full […] with so much detail in compliance of the regulations – and present it in a form that is just borderline incomprehensible”.

our own research also points at the hidden significance of quasi-regulations in guiding the presentation of information on directors’ pay in DRRs. Most significantly, institutional investors’ guidelines for the evaluation of remuneration policies and voting during the AGM, such as the Association of British Insurers Principles of Remuneration (ABI 2011), often provide a basis for the development of reporting checklists. Although their guidelines are not formal regulations, the ABI’s system of publicly identifying those who fail to comply with their guidelines (“red”, “amber”, and “blue” banners at the top of their governance assessment reports) was identified by a number of our interview partners as a factor that effectively turned quality benchmarks against which governance is judged into tools for standardizing investor communication.

help report users ask the right questionsthe “shareholder spring” of 2012 was one of the first proxy seasons to see widespread “no” votes to remuneration reports at AGMs, with even a few high profile outright rejections. By helping users understand the magnitude of pay packages and reducing the burden of calculation on users, the requirement to report a single figure of pay may further promote shareholder activism and public outrage over high pay packages. However, a single financial figure always imparts the risk of suggesting precision and accuracy as users may focus

1 If implemented, the regulations would come into force from october 2013.

Not More but Better RegulatoRy accouNtability:

Accountability has become a favourite buzzword of modern governance. At every turn, and even more so now in the context

of the financial crisis, we hear increasing calls for more accountability. Central actors of the EU regulatory state, European agencies, have also not escaped such calls. European agencies have been set up in a multitude of relevant and sensitive fields, such as medicines, aviation safety, police co-operation, energy, disease prevention, and financial supervision, to name just a few areas. They are the most proliferating institutional entities at the EU level. At present, we are faced with 33 such bodies operating in, and often regulating, different areas that cut across multiple regulatory levels.

These institutional developments have not gone unnoticed and have given rise to concerns as to whether checks on agency power are present. Academics have increasingly drawn attention to the risk of placing too much power in the hands of these quasi-autonomous actors, which operate at arm’s length from traditional controls and, as a result, are perceived as lacking sufficient accountability mechanisms to fence them in. Demands for more accountability (from both academic and institutional corners) ensued. EU institutional actors have responded to growing concerns over agency accountability by simply adding on across-the-board arrangements to the list of accountability procedures already in place for agencies. In some cases, previously


CARRReseARCH

Madalina Busuioc discusses the pitfalls of across-the-board ac-countability in the case of european agencies and the need for more customized approaches to regulatory accountability.

composed of a multitude of account-giving obligations − in the form of annual reports, activity reports, hearings, and evaluation reports – and are occasionally part of complex accountability cycles. In fact, given the magnitude of these procedures at the EU level and the number of forums involved, compared to the administrative capacity of some of these agencies, the level of accountability obligations to which European agencies are subject is likely unparalleled in similar bodies at the national level.

What is more, whereas the literature raised concerns about agencies circumventing accountability obligations, in practice, agencies reportedly − according to their account holders − comply diligently with their account-giving duties, even taking on new accountability obligations not foreseen as a matter of formal design. For instance, agencies have consistently lobbied the European Parliament for hearings and parliamentary visits, voluntarily enveloping themselves in new accountability ties.

The problematic aspects of agency accountability that actually do manifest themselves in practice had their origin not in attempts of the agency to escape control or the lack of accountability

existing arrangements for the European institutions were simply made applicable to agencies as well, despite their much smaller scale. This contribution aims to point out that in the case of European agencies, such indiscriminate calls for more accountability and the institutional measures adopted in response to such calls detract from, rather than contribute to, accountability. This is likely a lesson of relevance for regulatory accountability more broadly, beyond European agencies.

European agencies: law and practices of accountability (Busuioc 2013 forthcoming) shows how many of these accountability concerns with respect to European agencies did not materialize in practice. First of all, the investigation of European agencies’ accountability arrangements, both de jure and de facto, revealed that agencies are in fact subject to extensive accountability obligations. The sheer number of arrangements is overwhelming, even if perhaps not always watertight. Agencies are subject to several major accountability regimes (managerial, political, financial, (extra-)judicial), with the involvement of a multitude of accountability forums such as management boards, the European Parliament, the Council of the European Union, the European Commission, the European Court of Auditors, the Commission’s Internal Audit Service, the Court of Justice of the European Union, or the European Ombudsman. These major forms of accountability to a broad variety of forums are

tailoring Accountability obligations

“...unqualified calls for more accountability can be too crude a proposal leading to misplaced ‘cures’ ...”

Risk&Regulation, summer 2011 13

Not More but Better RegulatoRy accouNtability:


mechanisms in place, as expected, but rather in institutional design choices with respect to agency accountability. “Accountability overloads” arise with some small agencies subject to a similar set of controls as those applied to an institution like the European Commission. For instance, in the context of financial accountability procedures alone, agencies receiving contributions from the EU budget give account to four different financial accountability bodies. However, the issue of overloads is relevant well beyond the financial accountability regime; it permeates the agency accountability system as a whole. The sheer number and complexity of some procedures can put a real strain on smaller scale bodies. Whereas a larger agency such as the London-based European Medicines Agency (EMA) has approximately 500 employees, there are also European agencies, which have a staff of around 50 (eg the European Network and Information Security Agency) or less (eg the Community Plant Variety Office or the European Police Office). Yet these bodies are subject to similarly extensive accountability procedures – on a par with a body like the European Commission, which employs approximately 25,000 staff. Such cumbersome procedures run the risk of paralyzing smaller scale agencies and turning accountability into their full-time business. The situation is exacerbated in the case of management boards alone, just one of agencies’ accountability forums, where, in the case of some agencies, as many as 100 people attend board meetings. Boards are generally responsible for both steering the agency as well as overseeing its performance, and remarkably, in some agencies the size of the management board is larger than the staff of the agency they are steering and overseeing (Busuioc 2013 forthcoming).

At the same time, paradoxically, “accountability deficits” are also present. In this case, deficits emerge particularly through the way in which the various accountability arrangements are used in practice or, more precisely, by virtue of the fact that they are not always used. Accountability forums have a broad range of scrutinizing powers at their disposal, and the

manner in which they avail themselves of these powers is crucial to the success or failure of an arrangement. The underuse of accountability arrangements in practice is an issue of concern in the case of several accountability forums. Management board delegates, for instance, were often found to be “dormant” in their watchmen roles, demonstrating a low level of involvement and interest in agency performance and a low level of preparation for board meetings – often to the point of some delegations being consistently silent during board meetings. Similarly, some European Parliament committees displayed little interest in scrutinizing agencies within their mandate – despite formal powers in this respect – with poor attendance at hearing meetings and a low level of knowledge about agency matters.

The various accountability arrangements are also certainly not always in a symbiotic relation, and tensions arise. Several instances of “multiple accountabilities disorder” (MAD) (Koppell 2005) − essentially opposing pressures placed on an organization by different accountability forums − were identified. These can give rise to conflicting expectations with potentially detrimental effects on the agency. Representatives in European agencies’ management boards, often also the heads of parallel national agencies, at times push for their national or sectoral interests to the detriment of the European agency’s performance, which results in divergent and irreconcilable pressures on the agency. The agency occasionally finds itself in the position of having to fight its own board in order to follow up on the demands of another accountability forum (eg financial soundness requirements from the Court of Auditors). The tensions encountered do not appear to stem from inherently conflicting aims between two different accountability arrangements, but from an imperfect alignment of interests and preferences between the agency and one of its forums. Essentially, management board delegations were often not acting as accountability forums, as formally mandated, but rather as vehicles of “control”, protecting national or sectoral interests. Incentive structures thus become complicated at the EU level, and accountability forums cannot automatically be assumed to enact their oversight roles, even more so when conflicts arise between the different roles and role expectations of accountability forum members at different regulatory levels.

This goes to show that arbitrarily inflating an accountability system can in fact detract from, rather than contribute to, regulatory accountability. Simply adding on more accountability rules and procedures on the basis of a priori normative

assumptions lacking confirmation in practice − rather than examining and reflecting on the system in place, diagnosing problematic aspects, and devising tailored solutions for improvement − is not only an unconvincing solution but can also become a source of failures in itself. In the case of European agencies, it has resulted in overloads and accountability disorders, such as tensions arising between various arrangements, without necessarily actually filling in existing deficits. Thus, in practice, the risk inherent in the EU agencification process does not stem from agencies escaping oversight due to a lack of accountability arrangements in place, but from the lack of institutional reflection on such arrangements, on their appropriateness and fit to the agency context, in relation to specific agencies as well as on the interaction of these various arrangements with each other.

All in all, the lesson here, which is likely of relevance beyond European agencies in the context of the EU regulatory state more broadly, is that unqualified calls for more accountability can be too crude a proposal leading to misplaced “cures”, which can accentuate, or even give rise to, rather than solve accountability pathologies. In the (EU) “regulatory state”, organizations operating across multiple regulatory regimes will often be subject to multiple, co-existing accountability demands. In this setting, accountability arrangements that are not “fit for purpose” can be costly, placing irreconcilable pressures on the organization and detracting not only from accountability, but also from an organization’s ability to fulfil its tasks. Mismatched accountability can become debilitating and paralyzing in its effects.

It is thus crucial that we move beyond general, unqualified calls for more accountability, that accountability obligations are tailored to the accountees’ tasks and capacities, and only supplemented further where actual deficits in oversight arise, while simultaneously keeping an eye on (their interaction with) existing accountability arrangements. In other words, this is a call not for more but for better regulatory accountability.

ReferencesBusuioc, M. (2013 forthcoming) European agencies: law and practices of accountability. Oxford: Oxford University Press.

Koppell, J.G.S. (2005) “Pathologies of accountability: ICANN and the challenge of ‘multiple accountabilities disorder’”. Public Administration Review 65(1): 94-108.

Madalina busuioc is LSE Fellow in Risk and Regulation at CARR.



eRMsPeCIAL seCtIon

Tim Leech analyses the current approaches used by regulators to prevent the next wave of corporate malfeasance. He suggests that more than a few approaches to regulatory reforms suffer from what he calls “herd mentality” and a lack of serious research to determine if the benefits to stakeholders are worth the massive costs imposed on public companies.

these events in the Us were sometimes accompanied by similar instances of corporate malfeasance in other countries, which, in turn, resulted in new corporate governance laws and regulations in Canada, Australia, europe including the UK, and elsewhere.

simply stated, a form of herd mentality driven by the behaviour of a relatively small number of “bad” executives/companies evoked a range of regulatory responses to improve corporate governance. the Us focus on creating the appearance of taking highly visible steps to reduce similar events in the future was emulated by other countries fearing that their capital markets would be perceived as unreliable and risky by current and prospective investors – countries that didn’t want to be seen as being left behind by the herd.

Unfortunately for investors, the relatively small percentage of corporate malfeasance and neglect resulted in the Us in the imposition of soX 404 reporting on “control effectiveness” by Ceos, CFos for all public companies, and, for larger public companies, of even more expensive parallel control effectiveness certifications by external auditors. other countries around the world, including Canada, Japan, and elsewhere, emulated the Us and passed new laws that call for Ceo/CFo representations on control effectiveness but do not require auditors to give parallel representations. Fortunately, in the UK there was less pressure to follow the Us lead to enact costly Ceo/CFo/auditor opinions on internal control effectiveness. the UK chose to take another route, calling for companies to report on whether they are or are not complying with the Combined Code. the UK herd was pointed in another direction.

Over the past 30 years there have been waves of “bad” corporate behaviour involving elements of herd behaviour

that resulted in new laws and regulatory actions to address what were perceived at the time as pervasive problems. the waves include serious corporate malfeasance in the mid 1980s on the part of a relatively small number of companies in the Us. this resulted in the formation of the Committee of sponsoring organizations (Cos0) treadway Commission in the Us, better known as the treadway Commission. this led to the issuance of the world’s first “control framework”, the 1992 Coso Internal Control Integrated Framework (Coso 92). this was followed by a broader wave of fraudulent reporting and corporate misbehaviour around 2000, which culminated in the enactment of the sarbanes-oxley Act of 2002 and initiation of formal Ceo and CFo certifications on accounting control effectiveness.this wave, in turn, was followed by the stock options back-dating scandal involving hundreds of public companies (still a relatively small percentage of all public companies). Most recently we’ve had the global financial crisis of 2008 which involved a considerably larger number of companies that brought about a massive wave of regulatory intervention in the form of new bank regulation rules, the Frank Dodd Act in the Us, and new securities and exchange Commission (seC) proxy disclosure rules that require companies to disclose how the company’s board of directors oversees the effectiveness of the company’s risk management processes.

the failure rate of soX 404 control effectiveness opinions from Ceos, CFos, and external auditors in the Us to date has been shockingly high – as high as one in eight at the peak in 2006, evidenced by the need to restate financial stations previously certified as having less than a remote chance of a single material error. there continues to be regular ongoing illustrations of high profile soX 404 control effectiveness certification failures (eg the majority of companies at the heart of the 2008 global financial crisis, MF Global, and others). Most recently, the global financial crisis of 2008, largely attributed to deficient risk management and board risk oversight, has exposed the fact that the majority of the companies at the root of the crisis had all been certified by their Ceos, CFos, and auditors as having “effective” controls in accordance with the dated and largely obsolete 1992 Coso integrated control framework, including risk management controls.

It is important to recognize that the reactions of regulators around the world are representative of a strong form of herd mentality. the regulatory reforms ushered in by soX 404 in 2002 and those created following the global financial crisis of 2008 were applied to the entire herd to address problems in only a small percentage of the flock. the broad brush Congressional/seC regulatory responses in the Us have been supported by other “herd leaders”, including Coso, the Institute of Internal Auditors (IIA), external auditors, consultants, software vendors, attorneys, and related support industries that have emerged to support these broad brush regulatory responses.

the problems that evoked the regulatory responses described above were indeed serious and unquestionably did inflict trillions of dollars of harm on investors and other stakeholders. What is unfortunate is not that there was a regulatory response, but that the regulatory response herd leaders and their support herd leaders appear to show little interest in studying whether the massively expensive corrective actions imposed actually correct the problems targeted. Companies, their boards of directors, shareholders, and other stakeholders are asked to accept, largely on faith, that the benefits of the broad brush regulatory interventions are actually effective and exceed the massive regulatory compliance costs. An article filed by the author with the seC and Congress titled Preventing the next wave of unreliable financial reporting: why US Congress should amend SOX 404 (Leech and Leech 2011) provides more details on the weaknesses of the soX 404 herd intervention in the Us.

The high cost of “HeRD MeNtality”

Tim Leech is Managing Director of Global services at Risk oversight Inc. He has been recognized globally for his work as a thought leader and innovator in the risk and assurance field by the Institute of

Internal Auditors, the ontario Institute of Chartered Accountants, and the Association of Certified Fraud examiners. He can be reached at [email protected]


to date there have been no serious attempts in the Us to determine if the imposition of Ceo and CFo reporting on control effectiveness imposed by soX 404 (a), accompanied by external auditor control effectiveness representations (soX 404(b)), actually produces more reliable financial statements for investors. similarly, although there is now a widespread global push to force companies to adopt enterprise risk management (eRM) by regulators, credit agencies, institutional investors, and others through a range of tactics, there is limited real evidence that eRM, at least in the current “supply driven/risk-centric” form adopted by the majority of companies, will prevent another global financial crisis (see Leech 2012 for more details).

Unfortunately for shareholders, the majority of Us listed public companies appear willing to follow the regulatory response herd leaders without any real challenge or demand for tangible evidence that they are choosing the right path. Few companies and few of the myriad associations that represent their interests like the national Association of Corporate Directors, Financial executives Institute, IIA, American Institute of Certified Public Accountants, and others have called for, or supported, any serious efforts to study the effectiveness of the regulatory solutions imposed; nor do they show much interest in lobbying the government for more effective and less costly regulatory regimes for addressing the performance shortfalls. Complaining loudly about the cost of these new compliance regimes without any regard for tackling the serious problems that led to the regulatory intervention does not demonstrate much in the way of corporate social responsibility.

Perhaps officers and boards of directors see following the rules imposed by regulators in response to the waves of corporate malfeasance as something that they must all do, regardless of whether it makes any

450 SHEEP JUMP TO THEIR DEATHS IN TURKEYIstAnBUL, turkey (AP) — First one sheep jumped to its death. then stunned

turkish shepherds, who had left the herd to graze while they had breakfast, watched as nearly 1,500 others followed, each leaping off the same cliff, turkish

media reported. In the end, 450 dead animals lay on top of one another in a billowy white pile, the Aksam newspaper said. those who jumped later were saved as the pile got higher and the fall more cushioned, Aksam reported. the estimated loss to families in the town of Gevas, located in Van province in eastern turkey, tops $100,000, a significant amount of money in a country where average GDP per head is around $2,700. source: www.usatoday.com/news/offbeat/2005-07-08-sheep-suicide_x.htm

HERD MENTALITY DEFINITIONthe term herd mentality is the word herd, meaning “group of animals,” and mentality, implying a certain frame of mind. However the most succinct definition would be: “how large numbers of people act in the same ways at the same times”.

Herd behavior is distinguished from herd mentality because it applies to all animals, whereas the term mentality implies a uniquely human phenomenon. Herd mentality implies a fear-based reaction to peer pressure which makes individuals act in order to avoid feeling “left behind” from the group. Herd mentality is also sometimes known as “mob mentality”. source: http://en.wikipedia.org/wiki/Herd_mentality

sense – much like the herd of sheep that followed its leaders over the cliff in turkey described in the news piece referenced above.

senior executives and boards should take the time to study the root causes that resulted in across-the-board regulatory interventions and the actual effectiveness of the costly solutions imposed by regulators. tangible efforts should be made to identify more effective solutions to the real problems and to convince the Us government to enact better, more efficient, and effective corporate governance rules. other countries around the world that have emulated the Us regulatory path, including Canada, Japan, and others, would likely follow the Us lead.

Although the UK has opted not to follow the Us decision to require costly and ineffective opinions on accounting control effectiveness from Ceos, CFos, and external auditors, it has been equally remiss in not carefully studying the costs and actual effectiveness of regulatory responses in the UK. Hundreds of UK companies now religiously update their “risk registers” each year to comply with rules calling for reports on the effectiveness of their risk management processes. there is little evidence that slavish adherence to the widespread practice of developing and maintaining risk registers is, in fact, resulting in better corporate governance. the only good news is that many of those companies creating and maintaining risk registers are spending a small fraction of the money public companies in the Us are spending on complying with soX 404 requirements to report on control effectiveness.

Following the lead of well-intended but misguided herd leaders that requires companies to adopt untested and ineffective corporate governance practices – practices that create the illusion of remedial action but don’t actually work well – is massively costly to investors,

even fatal in some instances. Investors take comfort in the direction the herd is heading, assuming, often with no basis in fact, that the herd must be heading in the right direction. Unfortunately, all too often, the regulators and organizations like the seC, Coso, the ontario securities Commission in Canada, and others are heading in sub-optimal, sometimes fatal direction. Herd behaviour with little regard for whether the direction taken is optimal is certainly not in the best interests of the global village.

ReferencesLeech, t. and Leech, L. (2011) “Preventing the next wave of unreliable financial reporting: why Us Congress should amend section 404 of the sarbanes-oxley Act”. International Journal of Disclosure and Governance. http://bit.ly/wmVA8G

Leech, t. (2012) The high cost of ERM herd mentality. Risk oversight White Paper (March 2012). oakville, Canada: Risk oversight. http://riskoversight.ca/wp-content/uploads/2011/03/Risk_oversight-the_High_Cost_of_eRM_Herd_Mentality_March_2012_Final.pdf


eRMsPeCIAL seCtIon

On 6 August 2012, the NASA rover Curiosity made a successful landing on Mars. The sheer magnitude of the endeavour was

remarkable. As the vehicle entered the Martian atmosphere, the fate of future missions was at stake, hinging on the successful touchdown of landing craft that looked like something which might have been developed by Rube Goldberg. As the final atmospheric entry and descent sequence unfolded, it was clear that success would be not just positive, but profound in nature. Failure of the mission would have meant utter doom, ushering in a death knell for future NASA Mars exploration projects. Curiosity having landed successfully, the rover is now moving about the Martian surface, and a window has opened to a place where time is not measured in hours, minutes, or days, but in millions of years. And our collective curiosity is drawn to the planet most similar to Earth, as we are waiting to learn more about whether or not life might have existed there at one time.

Serendipitously, and somewhat counter intuitively, the saga of the Curiosity rover has led to this article on knowledge and ERM. This inspiring space mission has provided drivers for rethinking certain aspects of risk management and ERM, especially the ways in which information and knowledge are gathered and fed into ERM programmes and then utilized. It is hoped that this article will provoke discussion – particularly multi-disciplinary, cross-boundary dialogue – about the current state of ERM, including its boundaries and limitations. seven minutes of terror What are the seven minutes of terror? Those with a sense of humour might be inclined to say that it’s the time which passes between the announcement of a critical risk event and the point at which the organization’s risk manager discovers that that risk is not on his organization’s ERM heat map. In actuality, “the seven minutes of terror” is a term used to describe the time

REFLECTIONS ON KNOWLEDGE AND ERM: LESSONS FROM THE MARS ROVER CuRIOSITy

In contrast with more traditional approaches to risk management, ERM casts a far wider net which encompasses the full spectrum of risks across the entire organization, including their interactions. For example, within the scope of ERM one finds strategic and emerging risks, which, due to their complex and evolutionary nature, do not fall neatly into the control tools of ERM. These traditional control tools include risk registers and heat maps, which, due to their structural design, require movement from particular, context dependent information about risk towards greater generality – the kind of generality which can be contained on a single page heat map or matrix. These ERM tools are management heuristics, akin to what Bell (1999: 9) describes as “conceptual schema...[,] not true or false but either useful or not”. Their utility is greatest when exploring risks that are well understood, linear in nature, and developing in stable environments. However, in environments which are dynamic, evolving, and complex, additional and different tools are necessary complements to the suite of tools and approaches that form part of ERM practice. So the question arises how we might go about enhancing ERM practice through the further development of additional tools and approaches. A practical means for tackling this challenge is to engage in a purposeful dialogue aimed at teasing out an understanding of the types of knowledge that ERM should encompass.

Episteme, techne, phronesis: exploring knowledge within eRMTurning once again to the example of the Mars rover Curiosity, there is a meaningful point of departure for discussion of knowledge seeking and how ERM theory and practice might be

that passed between Curiosity’s entrance into the Martian atmosphere and its touchdown on the planet’s surface. The seven minutes of terror elapsed after nine months of travel to Mars, representing the time that Curiosity had to slow down and land safely. Because it takes ten minutes for a signal from Mars to reach Earth, any indication of a problem during the landing process would have reached NASA’s engineers too late. As a result, the only choice was to fully automate the descent and landing process.

As illustrated by the seven minutes of terror, automation, protocols, and formulae are quite useful and even necessary in certain situations. They are particularly useful where a process and its related risks are well understood. Automation and protocols are useful as well in instances where following the same, consistent process yields superior results.

If one applies these observations to risk management practice, some noteworthy parallels are to be drawn. One of these is the observation that standards and frameworks add value when risks are well understood and the aim is to reduce or eliminate variation in behaviour and outcomes. The nuclear power industry offers a compelling example of just such an instance, where the focus is primarily on “preventable risks” and on how those can be controlled. Another interesting parallel is that ERM programmes, while useful for mapping and plotting risks, don’t customarily include a mechanism for adjusting the organization’s path once a risk has begun to emerge and manifest itself. These are the seven minutes of terror applied to the organizational context.

“When folded into a programme of ERM, phronesis provides a means for organizations to deliberate about what outcomes are good and bad and to develop actionable plans for moving in the desired direction. Of particular note, phronesis focuses on that which is variable…”

Kathleen Locklear discusses knowledge seeking as a critical departure point for eRM on a journey toward getting things “less wrong”.


REFLECTIONS ON KNOWLEDGE AND ERM: LESSONS FROM THE MARS ROVER CuRIOSITy

enhanced further. In the case of the Mars rover, the objective is to gather scientific knowledge (episteme). Episteme, by its nature, is concerned with universal knowledge which is derived from analytical methods and does not vary across time and space. It is this type of knowledge that is most relevant to the exploration of preventable risks, as described above. And, within an overall programme of ERM, episteme has a legitimate and important role to play in eliciting universal truths about risks that organizations face. However, episteme cannot capture the full range of relevant knowledge about risks. In order to accomplish this, it is necessary to include techne and phronesis as well.

Unlike episteme, techne is concerned with art and craft. It is context dependent and variable, aimed at eliciting practical know-how that can be applied to a conscious goal. By deliberately incorporating techne within ERM, it becomes possible to capture and leverage technical know-how for the specific purpose of running an organization better through its ERM programme.

Phronesis emphasizes practical knowledge and also incorporates the notion of action that is good or bad for humans. When folded into a programme of ERM, phronesis provides a means for organizations to deliberate about what outcomes are good and bad and to develop actionable plans for moving in the desired direction. Of particular note, phronesis focuses on that which is variable – specific instances and situations – and which cannot be encapsulated into rules and matrices. This type of information is especially relevant to strategic planning and the related activity of strategic risk management.

guiding questions for eRMExplicitly folding all three types of knowledge – episteme, techne, and phronesis – into ERM enables one to position ERM as an exercise that aims to drive a holistic dialogue about the risks organizations face as they pursue their goals. The critical point of departure is an explicit articulation of the role of each type of knowledge seeking within the ERM framework. A suggested starting point for this “re-framing” of ERM is the following set of questions, which should be the genesis of the ERM programme:

(1) Where is the organization going? (2) Is that direction desirable?

(2a) If so, what should be done in order to enhance the organization’s ability to maintain that desired direction?(2b) If not, what should be done in order to facilitate a change in direction?

(3) Who are the relevant stakeholders in this decision process, and what does each one stand to lose or gain?

By anchoring the ERM programme with these specific questions, it becomes possible to elicit responses that can become input for an ongoing dialogue about the risks that organizations face. This type of approach allows the organization, through its ERM programme, to deliberately examine not just the current state of affairs, but also where things may be heading and what range of actions can and should be taken. The questions presented here also open a door to incorporating a broader range of tools and approaches such as scenario planning, systems thinking, and strategic risk management.

ConclusionThe anticipated outcome of the approach suggested here should not be the attainment of complete and final answers, but rather an ongoing and evolving dialogue. That dialogue is one whose task “is not to get it right, but to get it less wrong, not to disprove existing understandings but to recognize their context-dependence, not to discover what is, but to construct from conflicting understandings previously unconceived alternative understandings” (Grobstein 2010).

In seeking to adopt this type of approach to ERM, a multi-disciplinary mindset becomes essential, since no single discipline or functional area is

capable on its own of capturing the breadth of relevant knowledge and information needed to manage risks that span the entire organization both internally and externally. This requirement for a multi-disciplinary approach distinguishes the type of ERM proposed here from traditional risk management, where individual risks (eg credit risk, regulatory risk, environmental safety risk) could be adequately handled on a stand-alone basis by functional experts. What is proposed here is a novel approach, a cross-disciplinary dialogue that is capable of eliciting the richness of information and knowledge needed to enhance ERM as a tool that is able to move organizations towards more robust ways of understanding the risks they face today.

ReferencesBell, D. (1999) The coming of a post-industrial society: a venture in social forecasting. New York: Basic Books.

Grobstein, P. (2010) “Education in the evolving systems context”. http://serendip.brynmawr.edu/exchange/evolsys/home

kathleen locklear is a risk management practitioner and Adjunct Professor for the Graduate School of Management and Technology at University of Maryland University College.

The STruggle To Codify riSk ManageMenT

18 Risk&Regulation, Winter 201118 Risk&Regulation, Winter 2012

eRMsPeCIAL seCtIon

In 2000, when I started my research on risk management, this latest addition to the manager’s repertoire promised a wide diversity of tools to

help organizations cope with uncertainty. Advocates of a “comprehensive” enterprise-wide approach set out with pioneering optimism to codify guidelines for a new era of enlightened management; milestones of this effort include the turnbull report, the Coso enterprise Risk Management Framework, and Iso 31000:2009 – Principles and Guidelines on Implementation by the International organization for standardization. now that principles, guidelines, and standards abound, it is time to take stock. Has the idea of risk management reached maturity with proven, unambiguous concepts and tools? or is it still emerging and unproven? or is it simply taken for granted, its value “proven” by the apparent demand?

since May 2011, I have been following (and sometimes joining) the online discussions and blogs in which a group of informed risk practitioners have been debating new guidelines, the latest risk management failures, and lessons learnt from behavioural economics and the psychology of risk perception. the discussions have also posed and addressed important and difficult questions: “What is the value added of risk management?” “How should we define risk?” “Which standard is better?”

As Us policy analyst Roger Pielke (Jr) reminds us, experts can adopt different roles in their desire to further ideas, and the generally cordial online debates sometimes flare up as keen students take up the role of issue advocates. still, mutual respect and openness have prevailed – until recently. In May, one of the issue advocates, a supporter of Iso 31000, threw down his gauntlet and took the debate on the definition of risk and the relevance of Iso 31000 into an open social networking site of Iso supporters, where it quickly degenerated into personal abuse of “charlatans”. “War” was declared on anyone who dared to differ.

As one of the “heretics” under ad hominem attack in the Iso blogosphere, I have been pondering this escalation. Clearly, many hundreds of volunteering risk practitioners have invested their time, experience, and enthusiasm in creating and advocating the Iso 31000 guideline. But many others are toiling on alternative guidelines, such as the recent updates of the Coso framework and the “framework for board oversight of enterprise risk” issued by the Canadian Institute of Chartered Accountants. tens

of thousands of candidates are studying for the exams of two organizations, the Global Association of Risk Professionals and the Professional Risk Managers’ International Association, with yet another – specifically quantitative and finance-based – view of risk management. surely it is too soon for any of these constituencies to declare the closure of the debate on what risk management is and what it takes to operationalize it? not only too soon, but foolish. As my colleague Robert Kaplan pointed out in the “Harvard heresy” debate, prematurely standardizing the concepts and principles of risk management risks sacrificing the capacity for innovation crucial to an emerging and open-to-all field.

Viewed from 10,000 feet, the field of risk management is promising – crowded with curious and ambitious students, experts, critics, and advocates. At the same time, serious fault lines threaten this nascent profession’s very existence. there are numerous disagreements about the definition of risk; most worryingly, amongst the supporters of Coso and Iso. the former view risk as negative (as do the dictionaries), while the latter define it as “the effect of uncertainty on objectives – positive and/or negative”. these nuances are consequential. Iso’s definition grants the risk manager a remit broad enough to overlap with those of marketing and business planning, making it harder for the risk profession to differentiate and legitimize itself in the crowded organizational landscape of staff experts. Further disagreements concern the differentiation of risks that need different treatment, the quantification of risk, the governance of risk, and the meaning and use of concepts such as “risk appetite”. In a recent email, Grant Purdy, one of the principal architects of Iso 31000, admitted: “I’ve really stopped describing what we do as risk management and I’m trying not to use the term ‘risk’”. Based on his consulting experience, Purdy elaborated: “In the last year or so I’ve come to the view that much of the paraphernalia our profession has developed, like the rites and ceremonial instruments of some secret society, actually impede others from understanding what they have to do to manage risk better.”

Purdy’s acknowledgment of risk management’s existential crisis evokes the question: Does the quest for codifying risk management resemble the metaphorical exercise of peeling an onion? If we were to scrutinize the concepts and terminology of risk management, removing the theoretical

Anette Mikes discusses the heated debates on the codification of risk management and argues there is more to learn before we can reach closure.

“Can we agree among ourselves? We are a clever but quarrelsome species…” – Ian McEwan

Risk&Regulation, Winter 2011 19 Risk&Regulation, Winter 2012 19

inconsistencies and unproven practices one by one, would we find at the core anything more than common sense, experience-based intuition, and sound judgement?

Research and experience confirm there are indeed tools and practices that can help us make better decisions while cautioning us about our inherent biases. But it is unclear which of these tools and practices will ultimately underpin and legitimize a profession of risk management. the relationship between practice and professional codification is complex: they mutually shape, weaken, and strengthen each other. Codification cannot be exercised solely on Donald schön’s “high ground of manageable problems” where phenomena such as risk can be measured and controlled by systems with clockwork precision. I fear that the ultimate problem with risk management guidelines is that, despite their architects’ best intentions, they talk to the high ground but fail to address the complexity, incongruity, context-dependency, and politicized nature of real organizations – what schön called the swampy lowland of problems that are “messy and confusing and incapable of technical solution” (schön 1992: 54).

standards and guidelines that aspire prematurely to be “applicable to all organizations” and “all types of risk” themselves run the risk of being so general as to lack specific meaning. Iso 31000, for example, has been criticized as not fit-for-purpose. Professor John Adams of University College London, a veteran of the risk management definition wars, calls attention to its overuse of words such as “appropriate”, “effective”, “culture/cultural”, “relevant”, “comprehensive”, “acceptable”, and “tolerable”. Quantifying his sense of “vague dissatisfaction” generated by so many “Rorschach inkblots – the ambiguous stimuli typically shown to patients by therapists”, Adams concluded in multiple blog postings (eg Adams 2012): “If I take the total number of these words and divide them by the page count, Iso 31000 gets an inkblot average of 4.03 per page”, and he declared: “it can mean what the reader chooses it to mean”.

But perhaps the apparent weakness of risk man-agement’s guidelines has helped it survive the recent stream of risk debacles and control failures. the vagueness and plasticity have created a curi-ously malleable idea of risk management, sufficient-ly broad to encompass other ideas such as “internal control”, yet focused enough to become part of even broader concepts such as “governance”. It is no surprise that, in the wake of continuing high-profile compliance failures (such as HsBC’s recent anti-money-laundering control debacle), risk management comes to the fore as a remedy to shore up internal controls. simulta-neously, the now common reaction to specific risk management failures (such as JP Morgan’s multi-billion dollar loss in its CIo unit) is to call for better governance. And so it

goes on. Risk management, as an idea, simultane-ously explains and justifies itself.

Will it survive? Its plasticity suggests it will, as it continues to be, in the words of sociologist Mike Hulme, “a malleable envoy enlisted in support of many rulers”.

But the ultimate “buyers” of risk management – executives and decision makers – do not have the luxury of sociological detachment. they have to make sensible decisions today in a world of uncertainty. there remains a demand for knowledge about future risks, and it remains incumbent on all risk managers (appointed, self-appointed, and certified) to try to “tame” these uncertainties.

so we must keep studying the various risk management practices emerging in the “swampy lowland” before we jump to conclusions about a universal form of risk management. Cultural theorists have shown us that risk means different things in different organizations, while experience tells us that a given risk model will work in some contexts and not in others. Descriptive and critical research will uncover a fascinating diversity of context-specific practices and, in due course, help us understand the need for this variation. those interested in the relationship between risk experts – particularly the chief risk officer – and business decision makers will, for example, find that risk experts do not operate in a vacuum. even “fit-for-purpose” guidelines would not prepare the experts for the cut-throat competition for visibility and voice in the C-suite. Risk managers are but one contending (and, by all evidence, not undivided!) group offering to take the measure of the organization’s future. therefore, this laudably audacious intellectual struggle is also a political and cultural struggle in which survival of the fittest is not necessarily survival of the most theoretically sound. As Mike Power reminds us: “that the future is uncertain is obvious and trivial … Less obvious and less trivial is the process by which

some technologies for knowing the future come to be regarded at specific times and places as more reliable and acceptable than others” (Power 2010: 198).

Many risk managers, consultants, standard setters, and academics have invested themselves heavily in different and competing concepts, definitions, and technologies to manage uncertainty. We can lament the lack of closure, but this diversity is our key to moving ahead in the great endeavour to “tame uncertainty”.

ReferencesAdams, J. (2012) ISO 31000: Dr Rorschach meets Humpty Dumpty. www.john-adams.co.uk/2012/02/22/iso-31000/

Power, M.K. (2010) “Fair value accounting, financial economics and the transformation of reliability”. Accounting and Business Research 40(3): 197-210.

schön, D.A. (1992) “the crisis of professional knowledge and the pursuit of an epistemology of practice”. Journal of Interprofessional Care 6(1): 49-63.

Anette Mikes is a CARR Research Associate and Assistant Professor of Business Administration at Harvard Business school.


Since the early 2000s, risk maps have been promoted as instruments for risk-based control within enterprise risk management (eRM) rationales. they have become the most commonly used tool for risk assessment in practice. While risk maps increasingly populate the managerial and regulatory

vista of diverse types of organizations and tend to capture a growing repertory of risk objects, we know little as to why risk maps appear to be such attractive devices in risk management practice. Is it that risk mapping simply helps practitioners to make risk-based decisions in the most effective and efficient way? some would clearly negate such a claim, arguing that the way risks are represented on risk maps crudely simplifies risk identification and assessment and may entail misleading rankings of risks (eg Cox 2008). so what constitutes the “charm” of risk maps despite these apparent technical shortcomings? How have risk maps come to be understood and promoted as functional? And what conceptions of risk and its management are conveyed by this technology?

Risk maps represent risk objects within a Cartesian coordinate system, classifying them along two axes: the probability of the risk’s occurrence and the severity of its consequences, its potential “impact”. Depending on these two estimated properties of a particular risk object, it is classified as more or less “tolerable”, providing priorities for more or less “urgent” intervention. Currently, the most common way of indicating priorities on risk maps is a traffic light system which delineates red, amber, and green risk areas.

A SHORT HISTORY OF RISK MAPS OR WHY DO WE FIND RISK MAPS APPEALING? Silvia Jordan discusses the characteristics of a prominent risk representation technology.

eRMsPeCIAL seCtIon

Risk Map Format

While the product of impact and probability as a way of quantifying risks dates back to the work of statisticians in the 17th century, the first graphical representations of these two risk dimensions on tabular matrices emerged only in the 1980s. early risk maps show strong connections to the decision making literature in strategic management, which had been discussing diverse “decision matrices” since the 1960s. Broadly speaking, decision matrices relate several decision alternatives to their estimated performance on different decision criteria so as to deal with complex decision problems under uncertainty.

Criterion 1 ... Criterion n Score / Ranking

Alternative 1 e[X] = (x1*p1+ … + xk*pk)

…

Alternative m

Decision matrix format

similarities between decision matrices and risk maps are the tabular format, the consideration of probabilities and outcomes, and the commensuration of different qualities (different types of decision criteria or, in the case of risk maps, different types of risk impacts) for the purpose of comparing and ranking either decision alternatives or risk objects and arriving at a priority list that indicates which alternative to pursue or which risk to mitigate.

originating in such diagrammatic decision making heuristics, early risk maps are only loosely linked to the risk discussions in statistics, insurance mathematics, and finance that dominated risk management discourses from the 1920s to the 1970s. even though the classification of risk objects on risk maps resembles the economic concept of “expected value” (probability × impact), in risk matrices the emphasis shifts from sophisticated probability calculations to identification of impacts, which are often measured on simple ordinal scales (eg from negligible to huge impacts). Impact categorization, so the argument goes, is more relevant than probability calculation, because the latter can be too costly and time consuming and thus not “rational” for everyday use of practitioners, especially for managers in small organizations and in organizations facing non-repetitive tasks.

the tabular system of linking probability and impact “standardizes” qualitatively different types of objectives-at-risk – such as financial goals, goals of technical functionality, or work place safety – along two seemingly homogenous dimensions. this makes risks to these objectives comparable and allows for the categorization and prioritization of risks. this characteristic of risk maps becomes increasingly visible from the mid 1990s onwards, when risk maps became more and more comprehensive, capturing risks to strategic objectives as diverse as financial, environmental, technical, and reputational risks. Comprehensiveness also allowed them to be linked to “enterprise-wide” risk management, with the aspiration to depict the main risks to the most relevant strategic objectives of an entity. In this quest, comprehensiveness becomes more relevant than precision, as “it is entirely reasonable to be less precise in measurement and more complete in the list of risks considered” (shimpi 1999: 58).

Probability

Impact

Likely

Unlikely

Veryunlikely

Lesslikely

Verylikely


By categorizing risks as more or less acceptable or urgent, risk maps set borders between “normal” and “abnormal” or, in more interventionist terms, between “tolerable” and “intolerable”, ie requiring intervention or not. this is not a purely mathematical-statistical matter, since which area on the map is considered “normal” or acceptable is based on a qualitative judgment rather than on a mathematically based indication. the variety of depictions of threshold borders on different risk maps, eg diagonal lines or concave or convex curves, shows the design flexibility in this regard. threshold values are, in principle, flexible and re-locatable on a continuum. textbooks and guidelines often explicitly promote flexible borders between acceptable and inacceptable risks. the Coso (2004) eRM framework, for example, presents risk maps as a tool for specifying an entity’s “risk appetite” by adjusting the thresholds on the map. Risk management guidelines published by swiss Re state: “Risk mapping, if it is to be meaningful, should be as dynamic as the world in which the corporation operates” (shimpi 1999: 64).

As markers between normal and abnormal cannot be purely mathematical, the border is set by means of semantic-symbolic markers. In the case of risk maps, borders between tolerable and intolerable risks are often set by traffic light symbols. Green is usually associated with “risk acceptable”, amber with “risk acceptable, risk reducing action should be implemented”, also described as “ALARP – As Low As Reasonably Practicable”, and red with “risk not acceptable”. this combination of colours has been used for traffic regulation since the 1920s; the connotation of the symbolism is arguably collectively shared and institutionalized. Hence, traffic lights work effectively as semantic markers between different “zones of (ab)normality”. the traffic light symbolism appears in risk map presentations only from the mid 1990s onwards. However, earlier risk maps similarly cluster risks visually into groups, eg by means of different geometrical symbols (triangles, circles, and rectangles). In contrast to other graphical means, traffic lights convey a clear ranking and valuation: green risks immediately appear less

problematic or urgent than red ones. Placing risks on a risk map is thus not only a prognostic exercise. the risk map simultaneously evaluates the status of the accounted for entity, eg a particular project. If no risks are in the red area, the project seems to be “on track”.

Marking cells with symbols rather than numbers constitutes a relevant difference between risk maps and earlier decision matrices. symbols allow for a more “immediate” recognition of risk distributions, without the need to analyse and interpret numerical results. In this way, risk maps present a single, clear, and simple picture of the overall “risk landscape” of a particular system. Risk maps may therefore tend to be perceived as easy to understand, with seemingly clear rules of placing and interpreting risks and with an impression of getting an instantaneous overview of an otherwise complex arrangement of organization-internal and external processes.

Risk maps thus convey an abstract overview and a reliance on judgment and flexible adjustment rather than precise calculative detail. However, by using the mathematical-statistical symbolism of the Cartesian coordinate system and probability values, risk placement is not completely dissociated from rational calculus either. notwithstanding the roots of risk maps in strategic management rather than financial mathematics and statistics, recent risk management textbooks in finance often do use risk maps. they are presented as part of risk identification and assessment techniques that can and should be linked to more sophisticated calculative techniques, such as Monte Carlo simulations. Recent critiques of risk maps also point to their mathematical shortcomings and suggest design improvements that should make risk maps mathematically more sound and precise. of note, these critiques are grounded in a mathematical-statistical discourse. Risk maps are not regarded as irrelevant from this perspective. Although they are seen as “very much an art and not science” (shimpi 1999: 55), they seem to appeal simultaneously to both logics of measurable “risk” and logics of entrepreneurial judgment of non-measurable “uncertainty”.

Risk maps do not neatly fit into the category of calculative “risk” technologies which, according to authors like Bernstein (1998) and Knight (1921), create a “prison” that fixes us in the past and makes us incapable of action. the normalism they appeal to seems to be flexible and open to self-adaptation rather than purely constraining. the tabular format of probability and impact, the traffic light system, and the combination of these two elements within a system of flexible zones of (ab)normality are associated with notions of both “risk measurement” and “uncertainty management”, promoting ideals of calculated precaution as well as entrepreneurial discretion, “risk appetite”, and self-governance. Risk maps therefore effectively incorporate and translate current eRM rationales

which, as shown by Power (2007), combine ideals of auditability and measurement with entrepreneurial self-management.

the above analysis shows that the semantic characteristics of r isk maps – such as instantaneous overview, commensuration of diverse types of risk objects, flexible zones of (ab)normality, and ambiguous prospective and evaluative connotation – have discursive links with eRM logics. In this sense, risk maps are appealing: they can be considered legitimate tools of “proper” risk management which simultaneously allow for entrepreneurial flexibility. Hence, risk maps enable the alliance of “global” eRM ideals and “local” imperatives of practitioners, eg efficient reporting, moving projects ahead by creating reassurance and commitment among distributed actors, and setting agendas and mediating concerns by making them visible in terms of risks. Using risk maps for such purposes certainly goes beyond the often espoused risk management ideals of attention to early warning signs and the critical envisioning of alternative futures.

ReferencesBernstein, P. (1998) Against the gods: the remarkable story of risk. new York: Wiley.

Coso (2004) Enterprise risk management – integrated framework: application techniques. Jersey City, nY: Committee of sponsoring organizations of the treadway Commission.

Cox, L.A. (2008) “What’s wrong with risk matrixes?” Risk Analysis 28(2): 497–512.

Knight, F.H. (1921) Risk, uncertainty and profit. Chicago: University of Chicago Press.

Power, M. (2007) Organized uncertainty: designing a world of risk management. oxford: oxford University Press.

shimpi, P. (1999) Integrating corporate risk management. new York: texere Publishing.

Silvia Jordan is a CARR Research Associate and Assistant Professor in the Department of Accounting, Auditing and taxation at the University of Innsbruck.

“Placing risks on a risk map is…not only a prognostic exercise. The risk map simultaneously evaluates the status of the accounted for entity, eg, a particular project.”

Using risk maps for forming risk appetite (COSO 2004: 17)

CARRneWs


Have you moved or changed jobs recently? Please keep us informed of any changes in your contact details so you can continue receiving Risk&Regulation. email: [email protected] or tel: +44 (0)20 7955 6577

Recent CARR Discussion Paperslse.ac.uk/researchAndExpertise/units/CARR/publications/discussionPapers.aspx

DP 71 Mega-Events and Risk Colonisation: Risk Management and the Olympics Will Jennings, March 2012

CARR NewsJulien Etienne gave the paper “the strategic misappropriation of risk regulation in the workplace: worker involvement in the reporting of industrial incidents to regulatory authorities in France and the UK” at the eGos Conference in Helsinki in July. In the previous month, Julien had spoken on “Incident disclosures by high hazard industries: voluntary initiatives in France and the UK” at the eCPR Regulation & Governance conference in exeter, and on “Disclosures and non-disclosures of industrial incidents by high hazard industries and regulatory responses” at the transatlantic Conference on transparency Research in Utrecht.

In July, Martin Lodge spoke on “Agencies, accountability and consumer sovereignty” at the Regulatory Agencies workshop of the Institut Barcelona d’estudis Internacionals.

Mike Power gave plenary speeches on “organizations and audit trails” at the GMARs Conference, Copenhagen Business school, in June and at the Interdisciplinary Perspectives on Accounting Conference at Cardiff University in July. He spoke on “organized uncertainty” at the University of Kyoto in June and on “Accounting for the impact of research” at eGos, Helsinki, in July. Mike was a panel member at neDs and solvency 2, Institute of Actuaries, in June. He has been appointed as a member of the strategy advisory group at the office of the Rail Regulator and is also a Faculty member of the BP CFo excellence Programme.

In May, Bridget Hutter presented the paper “A delicate balance: a social science perspective on risk regulation” at the workshop Global environmental Risk Governance under Conditions of scientific Uncertainty: Legal, Political and social transformations, at Bar Ilan

University, Israel. In July and August, Bridget was a Visitor at Regnet, Australian national University, where she gave the Master class “Risk regulation and crisis: developing a research project”. In July, she delivered the keynote address “the governance challenges, the role of the state and the limits” at the Australia and new Zealand school of Government Annual Conference and spoke on “Future proofing the state: risk, responses and resilience” at the Museum of new Zealand te Papa tongarewa, Wellington.

Finally, we welcome two new Lse Fellows in Risk and Regulation. Martha Poon studied at the science studies Program, University of California san Diego, and works on the history of the Us consumer credit rating. she is the author of “From new Deal institutions to capital markets: commercial consumer risk scores and the making of subprime mortgage finance” (Accounting, Organizations and Society 34(5): 654-74) and was awarded the 2008 Hacker-Mullins Prize from the science Knowledge and technology section of the American sociological Association.Madalina Busuioc obtained her PhD from Utrecht University in 2010 and was an Assistant Professor at the Amsterdam Centre for european Law and Governance (ACeLG), University of Amsterdam. she has published extensively on european agencies and governance issues. Her latest book European agencies: law and practices of accountability is forthcoming with oxford University Press. she won the 2009 europe Award for Junior Academics, granted by the Montesquieu Institute in the Hague, for her article “Accountability, control and independence: the case of european agencies” (European Law Journal 15(5): 599-615). During her tenure at CARR, she will be working on the broad theme of the “risk management state”.

PublicationsAccounting, Organizations and Institutions: Essays in Honour of Anthony Hopwood (Paperback) Christopher s Chapman, David J Cooper and Peter Miller (eds), oxford University Press 2012

Rethinking Impact and Redefining Responsibility: The Parameters and Coordinates of Accounting and Public Management Reforms Christopher Humphrey and Peter Miller, Accounting, Auditing and Accountability Journal 25(2), 2012, pp. 295-327

Olympic Risks Will Jennings, Palgrave Macmillan 2012

Executive Politics in Times of Crisis Martin Lodge and Kai Wegrich (eds), Palgrave Macmillan 2012

Managing Regulation: Regulatory Analysis, Politics and Policy Martin Lodge and Kai Wegrich, Palgrave Macmillan 2012

Accounting, Territorialization and Power Andrea Mennicken and Peter Miller, Foucault Studies 13, May 2012, pp. 4-24

Managing Inter-Firm Interdependencies in R&D Investment: Insights from the Semiconductor Industry Peter Miller, Jodie Moll and ted o’Leary, CIMA Report 8(3), 2012

Exploring Risk Culture in Financial Institutions Michael Power, FS Focus (ICAeW), May 2012

Review Essay: Education, Professionalism and the Quest for Accountability by Jane Green Michael Power, British Journal of Sociology of Education 33(4), 2012, pp. 621-8

CARR Seminars 201220 september 2012Professor Charles PerrowYale UniversityRisk and Denials: Exploring Energy Risk Possibilities and Probabilities from 1945 to 2012

15 May 2012Professor olivier Borrazsciences Po, ParisWhat’s Political about Risk? New Challenges in the Study of Risk

1 May 2012Professor tom ChristensenUniversity of osloHow to Cope with a Terrorist Attack? Challenges to Political and Administrative Leadership

CARRPeoPLe


CARR Directorate

Professor Michael PowerDirector, CARR; Professor of Accounting, Accounting DepartmentRole of internal and external auditing; Risk reporting and communication; Financial accounting and auditing regulation.

Dr Martin LodgeDeputy Director, CARR; Reader in Political Science and Public Policy, Government DepartmentComparative regulation and public administration; Government and politics of the EU and of Germany; Railway regulation in Britain and Germany; Regulatory reform in Jamaica.

CARR Research staff

Dr Madalina BusuiocLSE Fellow in Risk and RegulationAccountability, crisis management, European law, executive politics, public administration, risk governance, risk regulation.

Dr Julien EtienneBritish Academy Postdoctoral FellowRegulatory compliance, administrative errors, and major accident hazard regulation.

Dr Martha PoonLSE Fellow in Risk and RegulationHistorical research on the use of commercial risk metrics in financial markets, history of consumer credit ratings, social studies of finance, science and technology studies, anthropology of contemporary markets.

CARR senior Research Associates

Professor Bridget HutterProfessor of Risk Regulation, Sociology DepartmentSociology of regulation and risk management; Regulation of economic life; Corporate responses to state and non-state forms of regulation.

Professor Peter MillerProfessor of Management Accounting, Accounting DepartmentAccounting and advanced manufacturing systems; Investment appraisal and capital budgeting; Accounting and the public sector; Social and institutional aspects of accounting.

CARR Research Associates

Professor Michael Barzelay – Professor of Public Management, LSE

Dr Matthias Benzer – Lecturer in Sociology, Department of Sociological Studies, University of Sheffield

Dr Daniel Beunza – Lecturer in Management, Management Department, LSE

Professor Gwyn Bevan – Professor of Management Science, LSE

Professor Julia Black – Professor of Law, LSE

Dr Adam Burgess – Reader in Social Risk Research, School of Social Policy, Sociology and Social Research, University of Kent

Dr Yasmine Chahed – Lecturer in Accounting, Accounting Department, LSE

Professor Damian Chalmers – Professor of European Union Law, LSE

Dr David Demortain – Research Fellow, IFRIS, University of Paris-Est

Dr Anneliese Dodds – Lecturer in Public Policy, Sociology and Public Policy Group, Aston University

Dr John Downer – Zukerman Fellow, Center for International Security and Cooperation, Stanford University

Dr Terence Gourvish – Director, Business History Unit, LSE

Professor Michael Huber – Professor for Higher Education Research, Institute for Science and Technology Studies (IWT), Bielefeld University

Dr Will Jennings – Centre for Citizenship, Globalization and Governance, University of Southampton

Dr Silvia Jordan – Assistant Professor in Accounting, Department of Accounting, Auditing and Taxation, University of Innsbruck

Professor Roger King – Visiting Professor at the School of Management, University of Bath

Dr Mathias Koenig-Archibugi – Senior Lecturer in Global Politics, Government Department, LSE

Dr Christel Koop – Lecturer in Political Economy, Department of Political Economy, King’s College London

Dr Liisa Kurunmäki – Reader in Accounting, Accounting Department, LSE

Dr Javier Lezaun – University Lecturer in Science and Technology Governance, James Martin Institute, Saïd Business School, University of Oxford

Professor Sally Lloyd-Bostock – Visiting Professor, Sociology Department, LSE

Professor Donald MacKenzie – Professor of Sociology, University of Edinburgh

Dr Carl Macrae – Senior Research Fellow in Improvement Science, Department of Health Sciences, University of Leicester

Dr Kira Matus – Lecturer in Public Policy and Management, Government Department, LSE

Dr Andrea Mennicken – Lecturer in Accounting, Accounting Department, LSE

Professor Anette Mikes – Assistant Professor of Business Administration, Harvard Business School

Dr Yuval Millo – Lecturer in Accounting, Accounting Department, LSE

Professor Edward C. Page – Sidney and Beatrice Webb Professor of Public Policy, LSE

Professor Nick Pidgeon – Professor of Environmental Psychology, Cardiff University

Professor Tony Prosser – Professor of Public Law, University of Bristol

Dr Henry Rothstein – Senior Lecturer in Risk Management, Department of Geography and King’s Centre for Risk Management, King’s College London

Dr Rita Samiolo – Lecturer in Accounting, Accounting Department, LSE

Professor Nick Sitter – Professor of Public Policy, Central European University

Dr Kim Soin – Reader in Accounting, Department of Accounting and Finance, University of Greenwich

Dr Lindsay Stirton – Lecturer in Medical Law and Ethics, School of Law, University of Manchester

Professor Brendon Swedlow – Associate Professor of Political Science, Northern Illinois University

Professor Peter Taylor-Gooby – Professor of Social Policy, University of Kent, Canterbury

Frank Vibert – Founder Director, European Policy Forum

Professor Kai Wegrich – Professor of Public Administration and Public Policy, Hertie School of Governance, Berlin

CARR Visiting Fellows

James Strachan – Visiting Senior FellowEx-Chair of Audit Commission; Board member of a number of public and private sector organizations

Jeremy Lonsdale – Visiting Senior FellowNational Audit Office

CARR Administration

Yvonne Guthrie – Centre Manager and Discussion Papers

Justin Adams – Seminars

Lynsey Dickson – Web and Publications

Elizabeth Venning – Reception

lse.

ac.u

k/C

AR

R

Centre for Analysis of Risk and Regulation The London School of Economics and Political Science Houghton Street London WC2A 2AE United Kingdom

Tel: + 44 (0) 20 7955 6577

Fax: + 44 (0) 20 7955 7420

Website: lse.ac.uk/CARR

Email: [email protected]

risk regulation - london school of economics...risk&regulation, summer 2011 3 carreditorial...

Documents